Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award
GitHub Copilot, the AI-powered coding assistant, has emerged as a game-changer in the software development landscape. By harnessing the power of generative AI, Copilot promises to accelerate coding tasks, boost developer productivity, and even democratize coding by making it more accessible to newcomers. However, as with any transformative technology, there are caveats. In Copilot’s case, […]
While Bugs Bunny and company may be part of your favorite childhood memories, the Looney Tunables vulnerability could become one of your worst nightmares. CVE-2023-4911 remains under analysis but comes with a base Common Vulnerability Scoring System (CVSS) score of 7.8 (high). Primarily impacting Fedora, Ubuntu, and Debian, the easily exploitable buffer overflow vulnerability gives […]
As a developer, you know that the first rule of secure code club is to use trusted third-party repositories. However, threat actors engaging in software supply chain attacks target the trusted sources precisely because they know that developers are likely to use them. For example, in a recent blog post, a security researcher explained how […]
Software and application development has changed significantly with the introduction of cloud-based services. Historically, developers wrote code on local desktops or laptops, meaning attackers needed to compromise the physical device. Further, this limited malicious actors’ ability to compromise the entire source code because no single developer had it stored on their device in its entirety. […]
Introduction CORS: Four simple letters that carry immense weight in web security. As the digital landscape expands, the bridges that allow our applications to communicate become crucial. CORS is that bridge. The unsung hero ensures seamless interactions, but a slight misstep can lead to vulnerabilities. Let’s journey to understand CORS better and ensure our web […]
As telemedicine, AI diagnostics, and patient-centric apps gain traction, the role of secure and compliant application development is more crucial than ever. Leaders must now navigate this dual arena of rapid tech advancements and stringent data protection requirements in a field that is seeing a steady increase in cyberattacks and data breaches. What is the primary […]
“It was a dark and stormy night…” While this introduction works for spooky stories, no developer wants their app to become nightmare fuel. While you might be able to grab a flashlight to comfort yourself around a campfire, you don’t have the same protection when you’re working on an application. Increasingly, developers use third-party code […]
Containers are your continuous integration and deployment (CI/CD) workhorse. Your software development processes could exist without them, but the question becomes, “Do you really want to though?” Typically, the answer to that question is “no.” Simultaneously, as you shift security left, your DevOps processes increasingly transform into DevSecOps, adding new responsibilities. Your container runtime is […]
Introduction Let’s dive into the fascinating world of web security, specifically discussing a notorious threat – clickjacking. Imagine a user clicking on a button thinking they like a photo but instead transferring money from their bank account. Scary, right? That’s clickjacking for you. This threat not only compromises user trust but can also deal a […]
As the never-ending stream of publications implementing Executive Order (EO) 14028 continues to drop, the National Institute of Standards and Technology (NIST) continues to provide additional guidance. At the end of August 2023, NIST released its most recent draft Special Publication (SP) 800-204D “Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD […]